Bug: Native Agent Sandbox fails with "ripgrep execution failed (os error 2)" during pre-discovery on Linux

Support Bug Reports
, ,
1

Where does the bug appear (feature/product)?

Cursor IDE

Describe the Bug

Composer Agent Sandbox Crash (ripgrep os error 2)

When attempting to use the Composer Agent with Sandbox mode enabled on Linux (EndeavourOS/Arch), the agent immediately crashes at Step 0/7 with an IO error stating that ripgrep execution failed (os error 2).

Here is what I have extensively tested, all resulting in the exact same os error 2 during pre-discovery:

  • AUR Package: Tested cursor-bin, which failed due to missing host system libraries inside the jail.
  • Standard AppImage: Tested the official AppImage natively, which also failed.
  • Static Binary Injection: Extracted the AppImage (--appimage-extract) and replaced the internal rg binary with an officially compiled static musl version of ripgrep to bypass any dynamic linker issues.
  • System Path Relocation: Moved the fully extracted application (with the static binary) out of my restricted user directory and into /opt/cursor/ to ensure the sandbox’s /home directory lockdown wasn’t causing the file to be hidden.

Even with a statically linked ripgrep sitting physically at /opt/cursor/usr/share/cursor/resources/app/node_modules/@vscode/ripgrep/bin/rg, the native Linux sandbox fails to map or execute it internally. It causes an immediate crash when the Agent attempts to run standard, network-approved commands like curl.

Steps to Reproduce

  1. Install Cursor on an Arch-based Linux distribution (tested via AUR cursor-bin, official AppImage, and manually extracted AppImage).
  2. Launch the application and open any project workspace.
  3. Navigate to Cursor Settings > Agent > Terminal.
  4. Disable the “Legacy Terminal Tool” and set “Auto-Run Mode” to Run in Sandbox.
  5. Open the Composer chat and request the agent to execute a standard, outbound network command (e.g., curl -I https://google.com).
  6. Observe the immediate crash at Step 0/7 with the error: Failed to apply sandbox: IO error: Step 0/7 (pre-discovery) failed: IO error: ripgrep execution failed... No such file or directory (os error 2).

Crucial detail for reproduction: Even if the AppImage is fully extracted (e.g., to /opt/cursor/) and a statically linked musl version of ripgrep is manually injected at the exact expected path, the Linux mount namespace still fails to read or execute the binary internally.

Screenshots / Screen Recordings

Screenshot_20260220_122824.png
Screenshot_20260220_122824.png846×321 11.1 KB

Operating System

Linux

Version Information

Cursor IDE Version: 2.5.17

Does this stop you from using Cursor

Yes - Cursor is unusable

Linux sandbox fails — cannot find ripgrep in mount namespace
3

Hey, thanks for the report.

The sandbox is currently only officially supported on macOS. Linux support is still in progress. The ripgrep pre-discovery step fails because the sandbox mount namespace doesn’t correctly map the binary on Linux, no matter where it’s located or how it was compiled.

As a workaround:

  1. Go to Cursor Settings > Agents > Terminal
  2. Set Auto-Run Mode to Ask Every Time or Run Everything (this fully bypasses the sandbox)
  3. Restart Cursor

This approach is confirmed to work in a similar report. The team is aware of the gaps in Linux sandbox support, and your report helps with prioritization.

Let me know if switching Auto-Run Mode unblocks you.